The AlienVault Blogs: Taking On Today’s Threats
Category: Malware

Posted in Blog: Labs Blog

Looking at the evolution of ransomware, accepting bitcoin as a payment method has probably taken too long for the most common ransomware families. Not long ago, we saw a ransomware family that accepts MoneyPak, Ukash, cashU and Bitcoin as payment methods. Its name is CryptoLocker, and it is detected by Microsoft as Crilock.A. Just one month after Microsoft…

Posted in: Attacks, Malware, Crimeware
Tags: malware, bitcoin, ransomware

Posted in Blog: Labs Blog

Just a few days ago, the source code of the famous KINS banking trojan was leaked. KINS is a professional-grade banking trojan, intended to infect as many computers as possible in order to steal credit cards, bank account credentials and related information from victims. Seen as a replacement for Citadel, it was identified in the wild not long ago. Now,…

Posted in: Malware, Exploits, Windows, Crimeware
Tags: malware, yara, botnet, criminals, bot, crimeware

Posted in Blog: Labs Blog

Malware authors are aware of new technologies and research produced by the security community. This is evident when they implement exploitation of new vulnerabilities in their tools or even reuse source code that belongs to public projects. We have discussed anti-VM and anti-sandbox analysis tricks seen in malware samples several times. Not long ago we came across a malware sample that…

Posted in: Malware, Crimeware
Tags: malware, sandbox, reversing, analysis, antivm

Posted in Blog: Labs Blog

A few days ago the Microsoft Malware Protection Center published a great blog post about some undocumented instruction tricks being used by several malware families. As you can read in the post, they found some malware samples using FPU instructions that lead to incorrect disassembly in several debuggers and disassemblers. I decided to write a small Python script to help us…

Posted in: News, Attacks, Malware, Python, Crimeware
Tags: malware, assembly, fpus

Posted in Blog: Labs Blog

Ransomware is popular among bad actors. The Reveton malware family (based on Citadel) made a difference last year; now it is losing popularity in favor of Urausy, just another lock-screen ransomware. There are plenty of them living in the wild, but in this post we are going to focus on Urausy. These malware families are being spread using exploit…

Posted in: Attacks, Malware
Tags: malware, ransomware, urausy